Skip to the main content

0344 863 8000
Sign up for our Newsletter
Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon

Legitimate interest v. consent: what’s right for your business?

Legitimate interest v. consent: what’s right for your business?

At Arena’s latest webinar on the GDPR, valuable insights on the relative features and merits of consent and legitimate interest were shared with some pragmatic advice from commercial law firm, 3volution.

“The GDPR anticipates that businesses do not just sell one product and one service, you are entitled to contact existing customers for that legitimate business purposes,” explains 3volution’s Sara Ludlam.

At the root of this approach is the assertion that you know your business and your customers and whether they needs aftersales services, and how often they tend to change their cars, so you have a legitimate business interest to retain and use their contact data.

The scenario of a car dealership was discussed as an example, with the selling of cars and managing customer marketing and communications activities for additional services such as MOT and servicing, and repeat purchases in the future. This is easy to relate to many other business sectors. 

However, there are different responsibilities associated with using these two keys approaches as a lawful basis for managing and using customer contact information or data that should be considered. Under the GDPR the requirements for gaining consent are rigorous and consent may in reality be hard to retain. If offered, how many of us would agree when asked to have our details retained for marketing purposes?

Whilst consent may be right for many organisations, operating under the legitimate business interest basis is not to be viewed as the ‘easy option’ as to continue marketing activity you still have to meet certain key requirements. For example, you must still assess the risk to the individual or customer and ensure you have security and other measures in place, you need to have robust and relevant privacy and retention policy in place, and requests to have data removed or suppressed must be honoured.

“To rely on this basis, you have to have a record that you as a business have considered what is a legitimate interest for you genuinely,” explains Sara.

This blog is NOT to be taken as legal advice, and to understand and benefit from Sara’s opinions, you should view the webinar in full to hear her guidance first hand.

You can view the full webinar, ‘Managing and leveraging customer data under the GDPR: your questions answered’ here.

Also browse other GDPR resources and updates shared in our Expert News posts.



Expert News | Blog

View all news

© 2018 Arena Group Ltd | Cookies & Privacy | Terms of use | Web design by eskimosoup | Accessibility

The Arena Group comprises: Arena Group Holdings Limited, a company registered in England and Wales (with registered company number 03735943 and VAT number 734562528) and its subsidiary company: Arena Group Limited a company registered in England and Wales (with registered company number 02168309 and VAT number 458238033). The Registered office of all Arena Group companies is Armitage House, Thorpe Lower Lane, Robin Hood, Wakefield, WF3 3BQ. Authorised and regulated by the Financial Conduct Authority for credit-related regulated activities.